fix(security):修复在获取用户会话以后,用户会话不存在的情况下依旧会保存至上下文的问题。
parent
b213b32325
commit
7064c26e5e
|
@ -32,7 +32,7 @@ func Recover(c *gin.Context) {
|
|||
//打印错误堆栈信息
|
||||
log.Printf("panic: %v\n", r)
|
||||
debug.PrintStack()
|
||||
response.NewResult(c).Error(500, "服务器内部错误")
|
||||
// response.NewResult(c).Error(500, "服务器内部错误")
|
||||
}
|
||||
}()
|
||||
//继续后续接口调用
|
||||
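Review bot: With `response.NewResult(c).Error(500, "服务器内部错误")` commented out in the deferred recover block, a recovered panic is logged but no error response is written. This assumes the commented-out line is the new side, since the +/- markers are lost on this page. Gin's response writer defaults to status 200 when nothing has been written, so a handler that panicked before responding would look successful to the client and to any monitoring keyed on status codes. Restore the call so the failure path stays explicit, and delete the commented-out line rather than leaving it in place. Recover's body starts and ends outside the hunk.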
|
|
|
@ -3,6 +3,7 @@ package security
|
|||
import (
|
||||
"electricity_bill_calc/cache"
|
||||
"electricity_bill_calc/model"
|
||||
"log"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
|
@ -18,7 +19,7 @@ func SessionRecovery(c *gin.Context) {
|
|||
token := strings.Fields(auth)[1]
|
||||
session, err := cache.RetreiveSession(token)
|
||||
|
||||
if err == nil {
|
||||
if err == nil && session != nil {
|
||||
c.Set("session", session)
|
||||
}
|
||||
}
|
||||
|
@ -29,7 +30,11 @@ func SessionRecovery(c *gin.Context) {
|
|||
// ! 通过该中间件以后,是可以保证上下文中一定具有用户会话信息的。
|
||||
func MustAuthenticated(c *gin.Context) {
|
||||
session, exists := c.Get("session")
|
||||
if _, ok := session.(*model.Session); !exists || session == nil || !ok {
|
||||
if !exists || session == nil {
|
||||
c.AbortWithStatus(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
if _, ok := session.(*model.Session); !ok {
|
||||
c.AbortWithStatus(http.StatusForbidden)
|
||||
}
|
||||
c.Next()
|
||||
|
@ -39,7 +44,10 @@ func MustAuthenticated(c *gin.Context) {
|
|||
// ! 通过该中间件以后,是可以保证上下文中一定具有用户会话信息的。
|
||||
func EnterpriseAuthorize(c *gin.Context) {
|
||||
session, exists := c.Get("session")
|
||||
if sess, ok := session.(*model.Session); !exists || !ok || sess.Type != 0 {
|
||||
if !exists || session == nil {
|
||||
c.AbortWithStatus(http.StatusForbidden)
|
||||
}
|
||||
if sess, ok := session.(*model.Session); !ok || sess.Type != 0 {
|
||||
c.AbortWithStatus(http.StatusForbidden)
|
||||
}
|
||||
c.Next()
|
||||
|
@ -49,7 +57,10 @@ func EnterpriseAuthorize(c *gin.Context) {
|
|||
// ! 通过该中间件以后,是可以保证上下文中一定具有用户会话信息的。
|
||||
func ManagementAuthorize(c *gin.Context) {
|
||||
session, exists := c.Get("session")
|
||||
if sess, ok := session.(*model.Session); !exists || !ok || (sess.Type != 1 && sess.Type != 2) {
|
||||
if !exists || session == nil {
|
||||
c.AbortWithStatus(http.StatusForbidden)
|
||||
}
|
||||
if sess, ok := session.(*model.Session); !ok || (sess.Type != 1 && sess.Type != 2) {
|
||||
c.AbortWithStatus(http.StatusForbidden)
|
||||
}
|
||||
c.Next()
|
||||
|
@ -59,7 +70,11 @@ func ManagementAuthorize(c *gin.Context) {
|
|||
// ! 通过该中间件以后,是可以保证上下文中一定具有用户会话信息的。
|
||||
func OPSAuthorize(c *gin.Context) {
|
||||
session, exists := c.Get("session")
|
||||
if sess, ok := session.(*model.Session); !exists || !ok || sess.Type != 2 {
|
||||
log.Printf("[debug]session exists: %v, %v \n", exists, session)
|
||||
if !exists {
|
||||
c.AbortWithStatus(http.StatusForbidden)
|
||||
}
|
||||
if sess, ok := session.(*model.Session); !ok || sess.Type != 2 {
|
||||
c.AbortWithStatus(http.StatusForbidden)
|
||||
}
|
||||
c.Next()
|
||||
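Review bot: The new two-step guards in EnterpriseAuthorize, ManagementAuthorize and OPSAuthorize (and the second check in MustAuthenticated) call `c.AbortWithStatus(http.StatusForbidden)` without a `return`, so a rejected request runs both checks and still reaches `c.Next()`; it stays closed only because gin skips the remaining handlers after an abort. `session == nil` compares the interface value, so a stored nil `*model.Session` passes it and `sess.Type` would then dereference nil, and OPSAuthorize omits even that check. Suggest one guard per middleware: `sess, ok := session.(*model.Session)` followed by `if !exists || !ok || sess == nil || sess.Type != 2 { c.AbortWithStatus(http.StatusForbidden); return }`, with the type condition adjusted per role. The `log.Printf("[debug]session exists: %v, %v \n", exists, session)` line in OPSAuthorize writes the session value to the log on every request (for a struct pointer `%v` prints its fields) and should be removed or reduced to a non-sensitive identifier. Each function's body continues outside its hunk.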
|
|